Senate committee eyes new cyber hiring authorities for DHS

Senate lawmakers want to give the Homeland Security Department a little more horsepower for its cybersecurity engine.

Sen. Tom Carper (D-Del.), chairman of the Homeland Security and Governmental Affairs Committee, said Thursday the committee plans to mark up a bill on May 21 to give DHS more tools to hire cyber workers more easily.

“The folks at NSA have more tools and resources to attract top talent, we want to make sure Homeland Security has similar kinds of abilities,” Carper said after speaking at the AFFIRM event on cybersecurity in Washington. “My hope is that we will be able to put the finishing touches on a draft bill and offer it at our markup next week and move it along.

A spokeswoman for the committee said the details of the bill are forthcoming prior to the markup.

Lawmakers in both houses of Congress have been trying to give DHS more authority to hire cyber workers for some time.

Advertisement

The House Homeland Security Committee passed Rep. Yvette Clarke’s (D-N.Y.), the ranking member of the subcommittee on cybersecurity, infrastructure protection and security technologies, Homeland Security Cybersecurity Boots-on-the-Ground Act in December. Among the things the bill, H.R. 3107, would call for is for DHS to develop occupation classifications for individuals performing cyber activities, to ensure that these classifications may be used throughout DHS and are made available to other agencies, and to assess the readiness and capacity of DHS to meet its cybersecurity mission.

Both of these efforts come as DHS and other non-government experts have been asking Congress to give the agency more authorities to hire as many as 600 more cyber workers.

Former Secretary Janet Napolitano in October 2012 called for DHS to have similar hiring authorities as NSA. She said at the time DHS was bringing in about 600 new cyber workers, but more were needed.

Additionally, the Homeland Security Advisory Council’s Task Force on Cyberskills issued a report around the same time calling for DHS to hire 600 cyber experts and develop training standards as part of its recommendations.

Without these extra tools from Congress, DHS has turned to other approaches, including mentoring and rotational assignments. The department is testing cyber workforce skills through a similar military-style training environment.

Another avenue to train these in-demand workers is the National Initiative for Cybersecurity Education (NICE) workforce training and development program that DHS co-leads along with the Defense Department and the Office of the Director of National Intelligence.

Carper said he believes his bill has life after previous other attempts have fallen short is because recent concerns over DHS’ ability to protect their networks have tapered off.

“DHS has come a long way in terms of their own capabilities in recent years,” Carper said. “I think they are ready for Congress to join the administration in saying ‘These are your responsibilities of the things we expect you to do, and we expect other federal agencies to comply and do what’s correct.’ If they don’t want to do that, then OMB would be the hammer to say ‘OK agencies get in line and DHS is right, let’s do it.'”

Beyond the DHS workforce bill, Carper said he’s working with Sen. Tom Coburn (R-Okla.), the ranking member of the committee, to update the Federal Information Security Management Act (FISMA).

“We met with [DHS] Secretary [Jeh] Johnson yesterday to figure out how to come to an agreement on the reauthorization and an update of FISMA, and to provide the authorizations that DHS needs in order to meet their responsibilities, their obligations under the framework that the President called for creating under NIST and the private sector,” he said. “I’d love to be able to come back and pick up FISMA and some reauthorizations in subsequent mark-ups this summer.”

He said the discussions with DHS, which included Suzanne Spaulding, the undersecretary for the National Protection and Programs Directorate, and Phyllis Schneck, the deputy undersecretary for Cybersecurity at NPPD, were helpful in coming together around the concepts of FISMA reform, but it’s unclear how the committee will move forward with legislation.